From ed7b46bac3fa14f95422cc4bb4655d041df51454 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 19:19:42 +0300
Subject: [PATCH] matroskademux: Skip over zero-sized Xiph stream headers

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-251
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3867

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>

Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ed7b46bac3fa14f95422cc4bb4655d041df51454]
CVE: CVE-2024-47540 CVE-2024-47601 CVE-2024-47602 CVE-2024-47603 CVE-2024-47834
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 subprojects/gst-plugins-good/gst/matroska/matroska-ids.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/subprojects/gst-plugins-good/gst/matroska/matroska-ids.c b/subprojects/gst-plugins-good/gst/matroska/matroska-ids.c
index f11b7c2ce31f..ba645f7306d9 100644
--- a/gst/matroska/matroska-ids.c
+++ b/gst/matroska/matroska-ids.c
@@ -189,8 +189,10 @@ gst_matroska_parse_xiph_stream_headers (gpointer codec_data,
     if (offset + length[i] > codec_data_size)
       goto error;
 
-    hdr = gst_buffer_new_memdup (p + offset, length[i]);
-    gst_buffer_list_add (list, hdr);
+    if (length[i] > 0) {
+      hdr = gst_buffer_new_memdup (p + offset, length[i]);
+      gst_buffer_list_add (list, hdr);
+    }
 
     offset += length[i];
   }
-- 
GitLab